<?php
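session_start();
// Compress the response when the client supports it; otherwise use plain buffering.
if (!ob_start("ob_gzhandler")) {
    ob_start();
}

// Login handler: checks the posted e-mail/password against the users table,
// and on success stores the user in the session and redirects to the profile
// page. Every failure path redirects to index.php with the same generic
// message, so the response does not reveal which check failed.

// NOTE(review): the database credentials are hard-coded in a web-served file.
// Load them from configuration kept outside the document root, and rotate this
// password, since it has been stored in source.
// NOTE(review): the mysql_* extension was removed in PHP 7 and offers no
// prepared statements; porting to mysqli or PDO with bound parameters is the
// durable fix for the string-built queries below.
mysql_connect("localhost", "sapmenet_admin", "a1s2d3f4g5h6j7") or die ("Problem with datebase");
mysql_select_db("sapmenet_users");

$failure = 'Location: index.php?ok=Wrong e-mail or password!';

// Reject requests that lack either field or send them as arrays, instead of
// letting notices/warnings and empty values flow into the query and the hash.
if (!isset($_POST['mail'], $_POST['pass']) || !is_string($_POST['mail']) || !is_string($_POST['pass'])) {
    header($failure);
    exit;
}

// htmlspecialchars() is an output encoder; it is kept here only because the
// stored addresses were presumably written through the same transformation.
// TODO confirm against the registration code before removing it.
$mail = mysql_real_escape_string(htmlspecialchars($_POST['mail']));

// NOTE(review): double MD5 with one static salt is not a password hash. Plan a
// migration to password_hash()/password_verify(), re-hashing each account on
// its next successful login. The scheme is left as-is so stored hashes match.
$pass = md5(md5($_POST['pass']) . 'tapak');

// Exact match instead of LIKE: LIKE treats % and _ in the submitted address as
// wildcards and mysql_real_escape_string() does not escape them, so the lookup
// (and the lastLogin UPDATE below) could touch accounts other than the one named.
// One query fetches everything the checks need.
$account = mysql_query("SELECT password, activated, ID FROM users WHERE email = '" . $mail . "' LIMIT 1");

if ($account === false || mysql_num_rows($account) == 0) {
    header($failure);
    exit;
}

$userPass  = mysql_result($account, 0, 0);
$activated = mysql_result($account, 0, 1);
$id        = mysql_result($account, 0, 2);

// Attempt throttle (original comment: "protection").
// NOTE(review): the counter lives in the client's own session, so it resets
// whenever the session cookie is discarded, and it only counts attempts against
// existing addresses. Real throttling needs a server-side counter per account
// and/or per source address.
if (!isset($_SESSION['kelesh'])) {
    $_SESSION['kelesh'] = 0;
} else {
    $_SESSION['kelesh']++;
}

if ($_SESSION['kelesh'] >= 10) {
    header($failure);
    exit;
}
// End of the attempt throttle.

// Strict string comparison: loose == can treat two different "0e..."-style hex
// digests as equal numbers. Use the constant-time comparison where available.
$passwordMatches = is_string($userPass)
    && (function_exists('hash_equals') ? hash_equals($userPass, $pass) : $userPass === $pass);

if (!$passwordMatches || $activated != 1) {
    header($failure);
    exit;
}

// Issue a fresh session ID at the privilege change so an ID fixed before login
// cannot be reused for the authenticated session.
session_regenerate_id(true);

$_SESSION['user'] = $mail;
$today = date("Y-m-d");
$up = "UPDATE  `sapmenet_users`.`users` SET  `lastLogin` = '" . $today . "' WHERE email = '" . $mail . "'";
mysql_query($up);

$_SESSION['JID'] = $id;
// Encode the ID for the URL; for a plain numeric ID this is a no-op.
header("Location: Framework/profilePage.php?id=" . rawurlencode($id));
exit;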
?>